Today Firefox 43 was released by Mozilla. We just deployed it to our browser cloud and it's now available to all users. You can now cross-browser test your websites in Firefox 52!

Cross-browser testing in Firefox 43

Try Firefox 43 in Browserling now!

What's new in Firefox 43?

  • On-screen keyboard displayed on selecting input field on devices running Windows 8 or greater.
  • Improved API support for m4v video playback.
  • Users can choose search suggestions from the Awesome Bar.
  • Private Browsing with Tracking Protection offers choice of blocking additional trackers.
  • Firefox Health Report has switched to use the same data collection mechanism as telemetry.
  • Firefox 64-bit for Windows is now available via the Firefox download page.

What was fixed in Firefox 43?

  • Eyedropper tool didn't work as expected when page was zoomed.
  • Various security fixes.

What security issues were fixed in Firefox 43?

  • Crash with JavaScript variable assignment with unboxed objects.
  • Cross-origin information leak through web workers error events.
  • Buffer overflows found through code inspection.
  • Integer overflow in MP4 playback in 64-bit versions.
  • Cross-site reading attack through data and view-source URIs.
  • DOS due to malformed frames in HTTP/2.
  • Same-origin policy violation using performance.getEntries and history navigation.
  • Miscellaneous memory safety hazards.
  • Privilege escalation vulnerabilities in WebExtension APIs.
  • Integer underflow and buffer overflow processing MP4 metadata in libstagefright.
  • Underflow through code inspection.
  • Integer overflow allocating extremely large textures.
  • Hash in data URI is incorrectly parsed.
  • Use-after-free in WebRTC when datachannel is used after being destroyed.
  • Firefox allows for control characters to be set in cookies.
  • Linux file chooser crashes on malformed images due to flaws in Jasper library.
  • Access to Web Storage (i.e. localStorage and sessionStorage) from third-party IFrames is now denied if the user has disabled third-party cookies.
  • This whitelist has even been removed in Nightly and Aurora/Dev Edition of the browser. It is currently scheduled that this removal will also happen for Beta and Release versions for the next version (Firefox 44).
  • Subresource integrity has been implemented for <script> and <link> that links to stylesheets.

What's new for developers in Firefox 43?

  • WebIDE now has a sidebar-based UI.
  • Unprefixed 'hyphens' property is now supported.
  • Subresource integrity allows developers to make their sites more secure.
  • Added ability to display server-side logs in the console.
  • Stack traces are now shown for exceptions inside the console.
  • Ability to filter styles from their property names in the rules view.
  • Search button next to overridden CSS properties to find similar properties in the rules view.
  • New 'Use in Console' context menu item in Inspector to store selected element in a temporary variable.
  • Bind F1 key to open the settings when the toolbox is focused.
  • Markup view shows indicators for pseudo-classes locked for elements.
  • Network requests in Console now link to Network panel instead of opening in a popup.
  • Single-process mode is no longer supported for NPAPI plugins.
  • Animation inspector now displays animations in a timeline.
  • The 'transform-origin' property is now supported on SVG elements.

HTML, CSS and JavaScript Fixes and Updates in Firefox 43

  • Support for the standard, unprefixed version of hyphens has been landed.
  • The shorthand property font has been updated to accept font-stretch values.
  • To match a latest evolution of the specification, the :fullscreen pseudo-class now selects the whole stack of elements in full screen, and not only the top-level one.
  • The deprecated SVG values for the writing-mode, lr, lr-tb, rl, tb, and tb-rl, have been added in CSS as aliases to standard properties
  • For <img> with ICO image containing multiple frames, the intrinsic dimension of the image is set to the one of the largest frame, and no more of the smallest frame.
  • The value of the document's viewport (defined with <meta name="viewport>)can now dynamically be changed via JavaScript.
  • The new ES2016 methods Array.prototype.includes() and TypedArray.prototype.includes() are now enabled by default.
  • To match the ES2015 specification, arrow functions no longer have their own arguments object. The arguments object is now lexically bound (inherited from the outer function).
  • The arguments object is now allowed in conjunction with rest parameters.
  • From now on, a mapped arguments object in non-strict functions is only provided if the function does not contain any rest parameters, any default parameters or any destructured parameters.
  • Generators and generator methods are no longer constructable as per ES2016.

IndexDB, Service Workers, WebRTC Updates in Firefox 43

  • A new feature called locale-aware sorting has been added to IndexedDB that allows creating indexes with a locale specified, which can then be used to sort data according to the rules of that locale. This is a non-standard Firefox-specific feature.
  • As per the specification, if ExtendableEvent.waitUntil() is called outside of the ExtendableEvent handler, Firefox will now throw an InvalidStateError; in addition, multiple calls to waitUntil() will now stack up, and the resulting promises will be added to the list of extend lifetime promises.
  • PushMessageData methods have been implemented.
  • The HTMLCanvasElement.captureStream() method has been activated by default.
  • The non-standard constraint style option list for RTCOfferOptions has been deprecated and will be removed entirely in Firefox 44.

Misc Updates in Firefox 43

  • Under Linux, like under Windows, Event.timeStamp now returns a DOMHighResTimeStamp.
  • Support for MouseEvent.offsetX and MouseEvent.offsetY have been activated on Firefox for Android and Firefox OS.
  • The Battery Status API now uses the new promise syntax for Navigator.getBattery(), as specified in the recent evolution of the specificiation.
  • Under Linux, like under Windows, Event.timeStamp now returns a DOMHighResTimeStamp.
  • The HTMLCanvasElement.mozFetchAsStream() method has been removed.

Happy cross-browser testing in Firefox 43!